CVE-2023-35815

Name of the Vulnerable Software and Affected Versions DevExpress versions prior to 23.1.3

Description The issue concerns a data-source protection mechanism bypass during the deserialization of XML data. This means that the normal protections in place to safeguard data sources can be circumvented when processing XML data, potentially leading to unauthorized access or manipulation of sensitive information.

Recommendations For versions prior to 23.1.3, update to version 23.1.3 or later to resolve the issue. As a temporary workaround, consider restricting or closely monitoring the deserialization of XML data to minimize the risk of exploitation.